API for config.zscaler.com?


I’m going to open a support ticket about this too but I think the answer will be no so hopefully a product manager may pick this up.

Is there an API for config.zscaler.com? That is, something that I can interact with to obtain IP addresses/networks for CENR, PAC et al so that I can dynamically update my infrastructure?

Prior to the all new config site, I had written an internal API that our Palo Alto firewalls would query to update security policies with the latest CENR networks, PAC IPs etc. But the new config site uses Javascript and expects the client to be a web browser, so my API is broken and we’re back to tracking changes manually and updating our firewalls by hand which is far from ideal.

It would be useful if Zscaler could provide a native API that would return results in an easily parsed format such as XML or JSON.


1 Like



Cheers @jsood. Appreciate the fast response.

Here is a full list of endpoints:


(you can replace the <zscaler.net> with any zscaler cloud for cloud specific infomation


The API doesn’t seem to expose the hub networks. Is that correct?

Previously my internal API, that the Palo Alto firewalls interface with, was able to fetch different sections; CENR, PAC or hub. I’ve updated my internal API to use https://api.config.zscaler.com/zscaler.net/cenr/json for CENR and https://api.config.zscaler.com/zscaler.net/pac/json for PAC but I’m struggling to figure out how to obtain the recommended hub networks as they’re listed on Config | Zscaler (firewall config requirements).

Any ideas?